[unisog] Password policies

Saqib Ali docbook.xml at gmail.com
Wed Apr 19 17:42:46 GMT 2006

> Requiring frequent changes only pushes people to writing the passwords
> on sticky notes stuck to their monitors.  Is there any data to support
> the idea that changing every 3 months is better than changing every
> 3 decades?

Offcourse. It depends on how long it takes to crack / guess a
password. If a hyrid-brute-force attack takes 3 months to crack a
password, then having a password lifetime of 3 decade would be pretty

The password expiration should be set to a time period that is LESS
then the amount of time  required to brute-force a password.

Support http://www.capital-punishment.net
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15

More information about the unisog mailing list